BIT-gitlab-2025-0186

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2025-0186.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-gitlab-2025-0186
Aliases
  • CVE-2025-0186
Published
2026-04-24T09:05:10.195Z
Modified
2026-04-24T09:33:49.778159Z
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
    ]
}
References

Affected packages

Bitnami / gitlab

Package

Name
gitlab
Purl
pkg:bitnami/gitlab

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
10.6.0
Fixed
18.9.6
Introduced
18.10.0
Fixed
18.10.4
Introduced
18.11.0
Fixed
18.11.1

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/gitlab/BIT-gitlab-2025-0186.json"